
The Design And Implementation Of ARP Firewall In Terminal Host Security Management System

Posted on: 2009-11-07
Degree: Master
Type: Thesis
Country: China
Candidate: W Zhang
Full Text: PDF
GTID: 2178360272976423
Subject: Software engineering

Abstract/Summary:
As network technology has matured, information security has gradually entered a new era. Traditional security solutions focus on the network boundary and usually neglect intranet security. In government agencies, security departments, research institutes, banking and securities firms, enterprises and similar organizations in particular, the terminal hosts in office networks, internal business networks and classified networks are very weak and carry latent security problems.

Existing security measures have not played their due role. Network administrators cannot see the security state of each network endpoint; they often spend a great deal of time and effort and still cannot solve all of the security and management problems of terminal hosts. Some organizations have drawn up stringent security management rules, but for lack of appropriate technical means the rules cannot be enforced effectively. The result is frequent security incidents such as disclosure of confidential information, hacker intrusions, and the spread of worms and viruses, all of which pose challenges to internal network security.

According to IDC statistics, more than half of security threats come from within. Traditional security equipment (such as firewalls), which defends against attacks from outside, cannot meet these new security requirements, so a new generation of security technology is needed to resolve the problem.

The new solution should place security inside the core network and build a new network security management system from Host Firewall, ARP Firewall, Mobile Media Management, HIPS, Patch Distribution, Illegal Internet Control and Asset Management. A comprehensive network security management system should address the following aspects of the network threat:

1. Unauthorized use of terminal hosts, and abuse of authorized access.
2. The weak security of the terminal hosts themselves.
3. Leaks through peripherals, mobile media and other interfaces.
4. Untrusted terminal hosts illegally connecting to the intranet.
5. Illegal connections to the Internet that bring in malicious attacks.
6. Security risks caused by poor management of software and hardware assets.

To meet these needs we developed the "Terminal Host Security Management System", which protects the terminal host through prevention in advance, monitoring during the event, and audit afterwards.

Prevention in advance means acting before the danger arrives. First, strict rules define the security level of people, equipment, resources and data; then clear rules and regulations are set and strictly enforced. The scope within which important information may be disseminated is restricted, as are the actions of the people who know that information. Prevention in advance must be achieved through technical means, including control of mobile devices, applications, Internet access, file operations and network access, so that only authorized personnel can use designated equipment to complete designated operations. Secret information is confined entirely to a restricted network region to prevent leakage.

Monitoring during the event is second only to prevention in advance. Actions that violate the security policy should raise an alarm or be blocked, which minimizes losses.

Audit afterwards is a necessary security measure. All actions should be recorded, stored and easy to find later.

The "Terminal Host Security Management System" is made up of three components: Agent, Server and Console. The Agent is installed on every host that needs to be monitored; it receives data and carries out policy instructions. The Server is installed on a computer with a high-performance CPU and high-capacity memory; it stores and manages the important data. The Console is generally installed on the network manager's host; it monitors the Agents, manages all kinds of audit events, and defines security policies.

Whenever a new class of network security problem arises, the system can address it quickly through an upgrade. The Agent is designed around an intermediary pattern and uses plug-ins to deal with new changes. For example, the TCP/IP protocol suite has come into wide use in recent years, but the Address Resolution Protocol (ARP) contains a security hole that an attacker can exploit to hijack a session or launch a denial-of-service attack. Traditional defense technology is helpless against it, so the ARP Firewall plug-in came into being. The ARP Firewall uses a state machine and a reverse detection algorithm to resist ARP attacks. In developing the ARP Firewall we learned from existing advanced technology and, in accordance with the actual context of the system, used a modified algorithm to resolve the problem.

In the future, as security awareness increases, the "Terminal Host Security Management System" will be more widely accepted by customers and will gradually become mature and stable.
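The abstract names a state machine as the basis of the ARP Firewall but does not describe it. The following is an added example, not code from the thesis: a minimal stateful ARP reply check that accepts a reply only while a matching request is pending and flags replies that contradict an accepted binding. The names ArpGuard, parse_arp and build_arp, the three states, the timeout and all sample addresses are assumptions made for illustration.

```python
import struct

REPLY = 2  # ARP opcode for a reply

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def build_arp(op, s_mac, s_ip, t_mac, t_ip):  # builds constructed sample packets
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(s_mac) + ip(s_ip) + mac(t_mac) + ip(t_ip)

class ArpGuard:
    """Per-IP states (assumed): UNKNOWN -> PENDING (we asked) -> BOUND (reply accepted)."""
    def __init__(self, timeout=2.0):
        self.timeout = timeout  # seconds a request stays PENDING (assumed value)
        self.pending = {}       # target IP -> time our request was sent
        self.bound = {}         # IP -> MAC accepted for it

    def sent_request(self, target_ip, now):
        self.pending[target_ip] = now

    def received(self, payload, now):
        op, mac, ip, _ = parse_arp(payload)
        if op != REPLY:
            return "ignore"            # requests never change a binding here
        asked = self.pending.pop(ip, None)
        if asked is None or now - asked > self.timeout:
            return "drop-unsolicited"  # reply to a question this host never asked
        if self.bound.get(ip, mac) != mac:
            return "alert-conflict"    # solicited, but contradicts the known MAC
        self.bound[ip] = mac
        return "accept"

def demo():
    g, gw, me = ArpGuard(), "192.0.2.1", "192.0.2.10"   # constructed addresses
    good = build_arp(REPLY, "02:00:00:00:00:01", gw, "02:00:00:00:00:10", me)
    forged = build_arp(REPLY, "02:00:00:00:00:66", gw, "02:00:00:00:00:10", me)
    out = [g.received(forged, 0.0)]                      # no request pending yet
    g.sent_request(gw, 1.0); out.append(g.received(good, 1.1))
    g.sent_request(gw, 5.0); out.append(g.received(forged, 5.1))
    return out, g.bound
```

A conflicting reply leaves the existing binding untouched, so the host keeps talking to the previously accepted MAC while the alert is handled.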
Keywords/Search Tags: Host Security, ARP Attack, ARP Firewall, ARP Extend Protocol Model